Answers

You could use the NMAPI to write some code to decode the traffic. In fact, we have a Network Monitor Expert on http://www.codeplex.com/NMDecrypt which does this already for certain types of SSL and TLS traffic. If this is similar traffic I would encourage you to update that expert. If this seems the way to go, let me know and I'll tell you how you can get involved with this open source project.

If you need to write something separately, because it's not SSL/TLS, then I can provide more detail as to how this is done. But I think you could still follow the model presented in the NMDecrypt Expert.

All replies

We never provided a way to plug into NPL. While the idea sounds good, one of our strengths is isolating the parser from DLL type code. This reduces the attack surface for bad/malicious code, which is important as captures are often needed from production type servers. Exposing a DLL interface could make it possible for somebody to exploit this data.

However, using the API you can do something similar, albeit a bit disconnected from the original data and in a post processing type step. If you need more help just let us know.